Rerouting for double-link failure recovery in an internet protocol network
A router in a survivable portion of a network may forward packets to a destination node even in the event of a double-link failure. For a given destination node, the router has previously been configured with a primary port, a primary backup port, and a secondary backup port. The router receives a packet addressed to the destination node within the survivable portion of the network, wherein the packet includes information indicating that the packet has encountered a failure. The router then selects one of (A) the primary port, (B) the primary backup port and (C) the secondary backup port on which to forward the received packet, such that a backup path with no dead loops is defined. The router may obtain a recovery distance of at least one of (A) the primary backup port based on a backup path to which it leads, and (B) the secondary backup port based on a backup path to which it leads, and may further obtain counter information in a packet indicative of a failure distance. In this case, the router may select a port whose recovery distance is greater than the failure distance. The router may identify a pattern of the failure. In this case, the router may make its selection using a forwarding policy associated with the identified pattern.
Latest Polytechnic Institute of New York University Patents:
- Determining user perceived delays in voice conferencing systems and video conferencing systems
- Methods using an intense control light at a first wavelength to cause a whispering gallery mode resonator to self tune at a second wavelength, and apparatus employing such methods such as optical pass/stop band filters and optical demultiplexers
- Providing a fast, remote security service using hashlists of approved web objects
- Biosensor and method of making same
- Biometric-rich gestures for authentication on multi-touch devices
This application claims the benefit of U.S. Provisional Patent Application Ser. No. 60/856,770 (incorporated herein by reference and referred to as “the '770 provisional”), titled: “IP FAST REROUTING FOR DOUBLE-LINK FAILURE RECOVERY,” filed on Nov. 2, 2006, and listing Kang Xi and Hung-Hsiang Jonathan Chao as inventors. The present invention in not limited to requirements of the particular embodiments described in the '770 provisional.
§1. BACKGROUND OF THE INVENTION§1.1 Field of the Invention
The present invention concerns IP networks. In particular, the present invention concerns failure recovery from double link failures using rerouting schemes that determine first and secondary backup ports within an IP network.
§1.2 Background Information
The Internet has evolved to a global information platform that supports numerous applications ranging from online shopping to worldwide business-related and science-related activities. For such a critical infrastructure, survivability is important in that services interrupted by equipment failures should be recovered as quickly as possible (See, e.g., S. Rai, B. Mukherjee, and O. Deshpande, “IP Resilience within an Autonomous System Current Approaches, Challenges, and Future Directions,” IEEE Commun. Mag., Vol. 43, No. 10, pp. 142-149 (October 2005).) Typically, a recovery time of tens of milliseconds satisfies most requirements (e.g., SDH/SONET automatic protection switching (“APS”) is completed within 50 ms (See, e.g., T. H. Wu and R. C. Lau, “A Class of Self-Healing Ring Architectures for SONET Network Applications,” IEEE Trans. Commun., Vol. 40, No. 11, pp. 1746-1756 (November 1992).). At the same time, it is desired that failure recovery schemes have low complexity and do not reserve redundant bandwidth.
Network failures can be caused by a variety of reasons such as fiber cut, interface malfunctioning, software bugs, misconfiguration and attacks (See, e.g., A. Markopoulou, G. Iannaccone, S. Bhattacharyya, C.-N. Chuah, and C. Diot, “Characterization of Failures in an IP Backbone,” IEEE INFOCOM (March 2004).) Despite continuous technological advances, failures have occurred even in well maintained networks.
An important issue of failure recovery is how to set up a new path to replace a damaged one. The main approaches used by today's IP networks are route recalculation and lower layer protection. Each is introduced below.
Routing protocols (such as open shortest path first (“OSPF”) (J. Moy. OSPF version 2, RFC 2328 (Standard) (April 1998)) and intermediate system to intermediate system intra-domain routing (“IS-IS”) are typically designed to perform failure advertising, route recalculation and routing table update to recover from failures. Although these mechanisms can deal with various types of failures, the time for the recovery process can easily reach seconds. Such delays can lead to long service disruptions, dropped packets, latency, etc., to an extent unacceptable for certain applications (such as stock trading systems, for example).
On the other hand, lower layer protection achieves fast recovery by establishing backup connections in advance (e.g., a time slot channel). These previously established backup connections are used to quickly replace damaged connections. In this case, the IP layer can be protected from failures without any modifications on the routing tables. However, this type of approach reserves redundant bandwidth (such as redundant links or channels on links, redundant ports, etc.) for the backup connections. More importantly, relying on lower layer protection means the IP layer is not independent in term of survivability. From this point of view, an original objective of packet switching—to design a highly survivable network where packet forwarding in each router is adaptive to the network status—is still not fully achieved (See, e.g., P. Baran, “The Beginnings of Packet Switching Some Underlying Concepts, IEEE Commun. Mag., Vol. 40, No 7, pp. 42-48 (July 2002).).
The framework of IP fast rerouting (“IPFRR”) is described in a recent draft of Internet Engineering Task Force (“IETF”). (See, e.g., M. Shand and S. Bryant, “IP fast reroute framework,” Internet-Draft, October 2005. Basically, IPFRR lets a router maintain (the identity of) a backup port for each destination and use the backup port to forward packets when the primary port fails. Since the backup ports are determined in advance and do not occupy or otherwise reserve redundant bandwidth, IPFRR can achieve fast failure recovery with great cost-efficiency.
IPFRR and the following presume that failure detection has already occurred (e.g., using known or proprietary techniques). Examples of known failure detection techniques are described in the articles, L. Fang, A. Atlas, F. Chiussi, K. Kompella, and G. Swallow. “LDP Failure Detection and Recovery,” IEEE Commun. Mag., Vol. 42, No. 10, pp. 117-123 (October 2004), and S. Q. Zhuang, D. Geels, I. Stoica, and R. H. Katz. “Fast IP Network Recovery Using Multiple Routing Configurations,” IEEE INFOCOM, Vol. 3, pp. 2112-2123 (March 2005).
IP fast rerouting (IPFRR) has gained much attention for network survivability. The idea of IPFRR is to proactively calculate backup ports that can be used to replace primary ports temporarily until the subsequent route recalculation is completed.
; X. Yang and D. Wetherall, “Source Selectable Path Diversity Via Routing Delfections,” ACM Sigcomm (2006); Z. Zhong, S. Nelakuditi, Y. Yu, S. Lee, J. Wang, and C.-N. Chuah, “Failure Inferencing Based Fast Rerouting for Handling Transient Link and Node Failures,” IEEE Global Internet, (March 2005).). Each of these references is incorporated herein by reference. Almost all of the references consider single-link failures or single node failures only.
Therefore, it would be useful to provide an IPFRR scheme that handles double-link failures. Although double-link failures have been investigated in optical networks (See, e.g., A. Chandak and S. Ramasubramanian, “Dual-Link Failure Resiliency through Backup Link Mutual Exclusion,” IEEE Broadnets, pp 258-267 (2005); H. Choi, S. Subramaniam, and H. Choi, “Loopback Recovery from Double-Link Failures in Optical Mesh Networks,” IEEE/ACM Trans. Netw., Vol. 12, No. 6, pp. 1119-1130 (2004); W. He and A. Somani, “Path-Based Protection for Surviving Double-Link Failures in Mesh-Restorable Optical Networks,” IEEE Globecom (2003).), the solutions suggested in optical networks cannot be used in IP networks where routing is destination-based instead of flow-based. One may argue that multiple links usually do not fail simultaneously, thus the study of double-link failure recovery is of less importance. However, when an IP topology is built on top of a WDM network, the failure of a single fiber disconnects all the logical links it carries, which results in multiple simultaneous failures and is called shared-risk link-group (SRLG) problem (See, e.g., L. Shen, X. Yang, and B. Ramamurthy, “Shared Risk Link Group (SRLG)-Diverse Path Provisioning under Hybrid Service Level Agreements in Wavelength-Routed Optical Mesh Networks,” IEEE/ACM Trans. Netw., Vol. 13, No. 4, pp. 918-931 (August 2005); and D. Xu, Y. Xiong, C. Qiao, and G. Li, “Failure Protection in Layered Networks with Shared Risk Link Groups,” IEEE Netw., Vol. 18, No. 3, pp. 36-41 (May 2004.).) Therefore, it would be useful to provide a double-link failure recovery scheme for IP networks or networks in which routing is destination-based.
§1.2.1 Previous Approaches to IP Fast Rerouting, and Perceived Limitations of Such Approaches
A simple scheme related to IPFRR is equal cost multi-paths (“ECMP”), where a number of paths with the same cost are calculated for each source/destination pair. (See, e.g., A. Iselt, A. Kirstdter, A. Pardigon, and T. Schwabe, “Resilient Routing using ecmp and mpls,” IEEE High Performance Switching and Routing (HPSR) (April 2004).) A failure on a particular path can be handled by sending packets along an alternate path. This approach has been implemented in practical networks. However, equal cost paths might not exist in certain situations (such as in a ring). Thus, it has been reported that ECMP cannot guarantee 100% failure recovery.
A scheme to find loop-free alternate paths is presented in the paper, A. Atlas, “Basic Specification for IP Fast-Reroute: Loopfree Alternates,” Internet-Draft, (February 2005). Consider the routing from S to D. If S has a neighbor X that satisfies d(X,D)<d(X,S)+d(S,D), where d(i,j) is the cost from i to j, it can send packets to X as an alternate path. The condition ensures that packets do not loop back to S. Similar to ECMP, this scheme does not guarantee 100% failure recovery since a node might not have a neighbor X that satisfies the foregoing condition.
The paper S. Bryant, M. Shand, and S. Previdi, “IP Fast Reroute using Not-Via Addresses,” Internet-Draft, (October 2005) proposes a scheme to set up a tunnel from node S to node Y that is multiple hops away. The alternate path to a destination D is from S to Y then to D. This guarantees 100% failure coverage. Unfortunately, the maintenance of many tunnels imposes extra costs, and fragmentation can occur when the encapsulated IP packet is longer than the maximum transmission unit (“MTU”).
A scheme called failure insensitive routing (“FIR”) for recovering from single-link failures is presented in the paper S. Lee, Y. Yu, S. Nelakuditi, Z. Zhang, and C.-N. Chuah, “Proactive vs Reactive Approaches to Failure Resilient Routing,” IEEE INFOCOM (March 2004). Given a primary path S→D, FIR identifies a number of key links such that removing any of these links forces the packets go back to S. Therefore, the failure of any key links can be inferred by S if a deflected packet occurs. To provide an alternate path, FIR removes the key links and runs shortest path routing from S to D. FIR is extended to cover single-node failures in the paper Z. Zhong, S. Nelakuditi, Y. Yu, S. Lee, J. Wang, and C.-N. Chuah, “Failure Inferencing based Fast Rerouting for Handling Transient Link and Node Failures,” IEEE Global Internet (March 2005). The scheme is also applicable to networks using ECMP. Unfortunately, it does not consider the general case of multi-path routing where the paths may not have equal cost. In addition, determining extra shortest paths can be computationally expensive.
An algorithm called multiple routing configuration (“MRC”) is presented in the paper A. Kvalbein et al., “Fast IP Network Recovery using Multiple Routing Configurations,” IEEE INFOCOM (April 2006). Under MRC, each router maintains multiple routing tables (configurations). After a failure is detected, the routers search for a configuration that can bypass the failure. After that, the index of the selected configuration is inserted into packet headers to notify each router which routing table to use. MRC achieves 100% failure coverage. Unfortunately MRC has to maintain multiple routing tables and add an extra index to packet headers.
The paper X. Yang and D. Wetherall, “Source Selectable Path Diversity via Routing Deflections,” ACM Sigcomm, (2006), discusses how to find multiple paths between source/destination pairs using routing deflection, and derives three conditions that achieve generic path diversity. Although the scheme is not designed for a specific application, it is shown to be promising for failure recovery. Unfortunately, directly using the scheme cannot guarantee 100% failure coverage.
In view of the foregoing, it would be useful to facilitate fast failure recovery of double link failures in IP networks, preferably without introducing high complexity and/or high resource usage.
§2. SUMMARY OF THE INVENTIONA router in a survivable portion of a network may forward packets to a destination node even in the event of a double-link failure. For a given destination node, the router has previously been configured with a primary port, a primary backup port, and a secondary backup port. The router receives a packet addressed to the destination node within the survivable portion of the network, wherein the packet includes information indicating that the packet has encountered a failure. The router then selects one of (A) the primary port, (B) the primary backup port and (C) the secondary backup port on which to forward the received packet, such that a backup path with no dead loops is defined.
In at least some embodiments consistent with the present invention, the router obtains a recovery distance of at least one of (A) the primary backup port based on a backup path to which it leads, and (B) the secondary backup port based on a backup path to which it leads, and further obtains counter information in a packet indicative of a failure distance. In such embodiments, the router selects a port whose recovery distance is greater than the failure distance.
In at least some embodiments consistent with the present invention, the router may identify a pattern of the failure. In such embodiments, the router makes its selection using a forwarding policy associated with the identified pattern.
The present invention may involve novel methods, apparatus, message formats, and/or data structures to facilitate fast failure recovery from a double link failure by determining first and secondary backup ports for nodes within an IP network. The following description is presented to enable one skilled in the art to make and use the invention, and is provided in the context of particular applications and their requirements. Thus, the following description of embodiments consistent with the present invention provides illustration and description, but is not intended to be exhaustive or to limit the present invention to the precise form disclosed. Various modifications to the disclosed embodiments will be apparent to those skilled in the art, and the general principles set forth below may be applied to other embodiments and applications. For example, although a series of acts may be described with reference to a flow diagram, the order of acts may differ in other implementations when the performance of one act is not dependent on the completion of another act. Further, non-dependent acts may be performed in parallel. No element, act or instruction used in the description should be construed as critical or essential to the present invention unless explicitly described as such. Also, as used herein, the article “a” is intended to include one or more items. Where only one item is intended, the term “one” or similar language is used. Thus, the present invention is not intended to be limited to the embodiments shown and the inventors regard their invention as any patentable subject matter described.
§4.1 Example of a Double-Link Failure and Rerouting in Response to Such a Failure
The operation of an exemplary embodiment consistent with the present invention, in case of a double link failure in a simple IP network with nodes having primary ports and backup ports is described.
Embodiments consistent with the present invention proactively calculate a first backup port and a second backup port that can be used to replace primary ports as well as failed exit links temporarily until the subsequent route recalculation is completed. In essence, each IP router (node) has a first backup port and a secondary backup port such that (1) in a case of no failure, all the routers use primary ports for packet forwarding and (2) in a case of failure, a subset (or in some cases, the entire set) of routers switch to the backup ports for failure recovery.
Referring now to
Determining backup ports is non-trivial because inconsistency between backup ports may create routing loops. For example, referring to
Determining how to perform failure recovery helps routers determine when to use primary ports, first backup ports and secondary backup ports. In particular, it is desired to make the decision without waiting for failure advertisement to shorten service disruption. These issues are addressed by various exemplary embodiments consistent with the present invention.
§4.2 Determining Backup Ports for Recovering from a Double-Link Failure
This section provides a detailed explanation of how to determine backup ports for double link failures in an IP network.
A process consistent with the present invention can be summarized as follows:
-
- 1) During the planning stage, find backup ports for each router; and
- 2) When a failure occurs, let one or more routers choose their backup ports for local rerouting, which forms backup paths with no dead loops.
The questions to be answered for double-link failure recovery are:
To guarantee 100% failure recovery, what is the minimum number of backup ports required by each router? The answer is critical to the hardware complexity since the backup ports must be stored in the routing tables. It has been proven in previous work that one backup port is sufficient for single-link/node failure recovery. This application proves that two backup ports in each router are sufficient for double-link failure recovery.
-
- How to find the backup ports? The present inventors formulate this question as an integer linear programming (ILP). Solving the ILP directly involves high complexity. Therefore, embodiments consistent with the present invention may use a heuristic algorithm as a practical approach.
- During failure recovery, how does each router choose the correct port from among its primary and backup ports without advertising the failed links?
The routers are coordinated to form backup paths without dead loops. For example, the failure in
Before a mathematical formulation is presented, certain assumptions are made. First the topology is assumed to be a “Survivable Topology”. A network topology is said to be survivable to double link failures if all the nodes remain connected after the failed links are removed. It is always assumed that the network topology is survivable since it is impractical to achieve failure recovery otherwise. Further, within an autonomous system (AS), all the primary paths to each particular node form a forwarding tree. Without loss of generality, node 1 is selected as the destination in the following description unless another node is explicitly specified as the destination. It is further assumed that each link is bidirectional, but the costs along the two directions could be different. No restrictions on the primary paths are introduced, which can be assigned in any manner, including determined using either shortest or non-shortest path algorithms.
In normal operation, the primary paths to node 1 form a spanning tree of the topology. When a failure occurs, a subset of the nodes switch to their backup ports for fast rerouting, and the set of forwarding paths are changed accordingly. The rerouting is correct if and only if the new set of forwarding paths still form a spanning tree with node 1 as the root. Based on this observation, the present inventors have formulated the problem of an IPFRR scheme that handles double-link failure (with node 1 as the destination) as the following integer linear programming (ILP) problem. The notations are defined in Table 1.
Given:
A network (V,E) and the primary port of each node pn (n=2, . . . , N).
Minimize:
Subject To:
where variables in (2)-(11): •x,y,u,v,i,j,nεV; n≠1.
The forgoing formulation is now explained. The objective function (1) is chosen to minimize the aggregated length of the forwarding paths under all kinds of failure patterns. Constraint (2) guarantees that each node has a continuous forwarding path to node 1. Equation (3) means that each node has no more than one parent. This constraint and constraint (2) guarantee that the forwarding paths under each failure pattern form a spanning tree. For example, suppose node i chooses m as the next hop when link x-y and u-v fail, there must be
For any other node k (k≠m), it does not have traffic coming from node i, which means
Equation (4) means node 1 generates no traffic. Constraints (5) and (6) mean that traffic is carried only by those links that experience no failure. Equations (7) and (8) ensure that each node uses either its primary port or one of its backup ports. Finally, equation (9) means that port pns,y;u,v is always used to forward the traffic from node n to node 1.
Solving the ILP yields two set of variables:
-
- Ports: the backup ports of node n: bn, and {circumflex over (b)}n;
- Configurations: the port selection of node n when link x-y and u-v fail: αnx,y;u,v, βnx,y;u,v and γnx,y;u,v.
However, the calculation is very complex, especially when the size of the network is large. On the other hand, it is not clear if the port selection during recovery can be done without failure advertising since α, β and γ are based on failure locations. Therefore, at least some embodiments consistent with the present invention used a practical heuristic algorithm, described below.
First the principles of the present invention using single-link failure are presented. Then, double-link failures are classified into several patterns and schemes, consistent with the present invention, for each pattern are explained. After that, the details of the algorithm and forwarding policy are presented. The notations being used are:
An example illustrating operations consistent with the present invention is presented using
For a single-link failure, a method consistent with the present invention scans the black sub-tree in breadth-first order to find the first node that links to a white node, which is an exit node. In
Recovery from double-link failures is more complicated and extends single-link recovery techniques. Such recovery is described below using the following definitions:
Failure Distance: Given a sub-tree T(W) created by a link failure, the failure distance from each node n(nεT(W)) to the failed link is defined as L(n)-L(W). In
Recovery Distance: Given a backup port of node n and its backup path B(n), the merge point of B(n) and its primary path P(n) is Z=(P(n)∩B(n)).start. The recovery distance of the backup port through the given backup path is defined as the hop count from node n to node Z along the primary path: L(n)-L(Z). In
Dependent: Given two mutual exclusive sub-trees T(W) and T(Z), when the primary port of Z fails, if all possible paths from node Z to node 1 have to traverse T(W), T(Z) is defined as a dependent of T(W). In
Embodiments consistent with the present invention may operate to:
-
- Find two exits for each sub-tree to handle double-link failures.
- Find two backup ports for each node.
- Calculate the recovery distance of each backup port based on the backup path it leads to.
- When a packet sees a failure, a counter is set to indicate the failure distance, which is updated in subsequent routers. (In
FIG. 4A , if a packet sees e1 at node 4, its counter is set to 1 when being sent to node 5, and node 5 increases the counter to 2 before forwarding the packet to node 7.) - To achieve failure recovery in at least some embodiments consistent with the present invention, a router selects the backup port whose recovery distance is greater than then failure distance. For example, in
FIG. 4A , node 5 can use the illustrated backup path to bypass e1 because the recovery distance is greater than the failure distance.
§4.2.1 Failure Pattern Analysis
This section describes double-link failure patterns that may occur in an IP network. Specifically, Table II provided below and
The classified failure patterns include:
-
- Pattern 1, 2 and 3: Since e2 does not affect B(W), the backup path can be used to bypass e1 successfully, as shown in the examples illustrated by
FIGS. 4A-4C . InFIG. 4A , failure e1 creates the black sub-tree T(4) and failure e2 between link 2-3 does not affect the backup path B(4)=4→5→7→3→1. Hence, packets sent/forwarded by node 4 may use the backup path to bypass e1 successfully and reach the destination node 1. InFIG. 4B , failure e1 creates the black sub-tree T(4) and failure e2 within the black sub-tree T(4) between primary link 8-5 does not affect the backup path B(4)=4→5→7→3→1. Hence packets sent/forwarded by node 4 may use the backup path to bypass e1 successfully and reach the destination node 1. InFIG. 4C , failure e1 creates the black sub-tree T(6) and failure e2 creates another black sub-tree T(2), however failure e2 does not affect the backup path B(6)=6→8→5→4→1 (not shown inFIG. 4C ). Hence packets sent/forwarded by node 6 may use the backup path to bypass e1 successfully and reach the destination node 1. - Pattern 4: Since e2∉T(1) and e2εB(W), the failure must be on the exit link of T(W). Therefore, we find another exit for T(W), which is not affected by e2. In
FIG. 4D , failure e1 creates the black sub-tree T(4) and failure e2 between link 7-3 affects the first backup path B(4)=4→5→7→3→1 used inFIGS. 4A-4B . Hence, packets sent/forwarded by node 4 may use the secondary backup path B^(4)=4→5→7→10→2→1 to bypass e1 and e2 successfully and reach the destination node 1. - Pattern 5: e1 and e2 create two black sub-trees. The key is to avoid dead loops between them. In
FIG. 4E , T(6) is a dependent of T(8) because all its exits go to T(8). Therefore, T(8) must have at least one exit that does not go back to T(6), which is 8→12→11. As a result, packets forwarded from the sub-trees T(6) and T(8) may use the exit link 12→11 to bypass e1 and e2 successfully and reach the destination node 1. - Pattern 6: e2 creates a sub-tree T(Y) inside T(W). In
FIG. 4F , W=4 and Y=7. The recovery of T(Y) is straightforward because following part of B(W) can bypass both failures. For example, 7→3→1. So the key problem is the recovery of T(W)\T(Y). The solution is: first step, find a backup path for T(W)\T(Y) that does not traverse T(Y); second step, if such a path does not exist, find a path that can enter T(Y). InFIG. 4F , the second step is reached and the final backup path from node 4 is B(4)=4→5→8→12→11→7→3→1.
- Pattern 1, 2 and 3: Since e2 does not affect B(W), the backup path can be used to bypass e1 successfully, as shown in the examples illustrated by
§4.2.2 Exemplary Embodiment for Determining Backup Ports for Double-Link Failures
-
- rW1—The recovery distance by taking bW, if the backup path spans only one exit link.
- rW2—The recovery distance by taking bW, if the backup path spans two exit links.
- εW—εW=True/False indicates bW points to an exit/non-exit link.
- ΔW—ΔW=L(bW)−L(W).
The difference between rW1 and rW2 is explained using
When bW does not point to an exit link, the value of ΔW is always 1 because going through that port moves to a child node of W, which means the failure distance increases by one. ΔW is used to maintain the correct failure distance when W is the first exit node of a two-exit backup path. Consider the backup path in
The following paragraphs describe in detail the algorithms used in determining a first backup port and a second backup port for each node in an IP network. The details of first, second and third algorithms are presented in the following and use examples to show how they work. When performing breadth-first search for an exit link, the children of each node is sorted by their indexes. When an exit node has multiple exit links, the one creating the shortest backup path is chosen. If there is a draw, the exit link pointing to the node is chosen with the minimum index.
First Algorithm (Process A):
The sub-tree T(W) is dyed black and T(1)\T(W) white, then its first exit node XW1 and exit link xW1 are determined as follows:
-
- 1) If bW=null, go to step 2). If bW≠null, a backup path for T(W) is already found go to step (3).
- 2) Scan T(W) in breadth-first order and check the neighbor(s) of each node, to find the first node that links to a white node. The node and the link are XW1 and xW1, respectively. Go to step (4).
- 3) If rW1≠null, the first exit of T(W) is already configured, stop. Otherwise, follow the first backup ports of node W and the subsequent nodes until an exit of T(W) is reached, where the exit node and link are XW1 and xW1, respectively.
- 4) The primary path of W is P(W), and its backup path found in the previous step is B(W). The merge point of the two paths outside T(W) is Z=(P(W)∩B(W)). start.
- 5) Denote the primary path from XW1 to W as v1→v2 . . . →vK, where v1=XW1 and vK=W. Let v0=xW1.end and set the backup port and port attributes of vk (k=1, . . . , K) as follows:
- bv
k =vk−1; - rv
k 1=L(vk)−L(Z); - εv
k =(k==1)?True:False; - Δv
k =L(vk−1)−L(vk);
- bv
Using T(4) in
Second Algorithm (Process B):
The sub-tree T(W) is dyed black and T(1)\T(W) white, then its secondary exit node XW2 and exit link xW2 are determined as follows:
-
- 1) If {circumflex over (b)}W≠null, the secondary backup path of W is already found, go to step 2) to find the exit. Otherwise, go to step (3).
- 2) If {circumflex over (r)}W1≠null, the secondary exit of T(W) is already configured, stop and exit. Otherwise, take {circumflex over (b)}W and follow the first backup port of each subsequent node recursively until an exit of T(W) is found. Denote the exit node and link as XW2 and xW2, respectively. Go to step (4).
- 3) Denote the partial first backup path from W to XW1 as w1→w2 . . . →wH, where w1=W and wH=XW1. Let wH+1=null, from h=1 to H, assume link wh−wh+1 fails, scan T(wh)\T(Wh+1) in breadth-first order and check the neighbor(s) of each node to find the first node U that links to a white node through link u. Set XW2=U and xW2=u if U and u satisfy:
- u is different from T(W)'s first exit link: u≠xW1;
- Find the merge point of the first backup path of T(W) and the backup path from W through link u:
M=(B(W)∩P(u.end)).start (12) - Since both backup paths go to T(M), u must be selected such that T(M) is not a dependent of T(W) to avoid permanent loop (Recall the definition of “dependent” in §4.2 above.).
- If both the first and secondary backup paths of T(M) are already found, u must be selected such that at least one of T(M)'s backup path does not traverse T(W), that is:
xM1.end∉T(W) or xM2.end∉T(W) (13)
- 4) The merge point of the primary path and the secondary backup path from node W is:
Z=(P(W)∩P(xW2.end)).start (14) - and the merge point of the primary paths from the two exit nodes is:
Y=(P(XW1)∩P(XW2)).start (15) - Denote the path from XW2 to Y as v1→v2 . . . →vK, where v1=XW2 and vK=Y Let v0=xW2.send and set the first backup port of each vk (k=1, . . . , K) as follows:
- bv
k =vk−1; - rv
k 1=L(vk)−L(Z); - εv
k =(k=1)?True:False; - Δv
k =L(vk−1)−L(vk);
- bv
- Finally, set the secondary backup port of Y:
- {circumflex over (b)}Y=vK−1;
- {circumflex over (r)}Y1=L(Y)−L(Z);
- {circumflex over (ε)}Y=(Y=XW2)?True:False;
- {circumflex over (Δ)}Y=L(vk−1)−L(Y);
For pattern 4, the second failure disconnects the first exit link. Since the second algorithm (process B) ensures the secondary exit link to be different from the first one, pattern 4 failures are always recovered. In
For pattern 5, the second algorithm ensures that two sub-trees do not point all their exit links to each other, thus avoiding dead loops and covering all such failures. Consider T(8) in
For pattern 6, if step (3) finds an exit when h=1, it means all possible failures on the first backup path can be recovered using the secondary backup path. In
On the other hand, if step (3) stops when h>1, the failures between w1 and wh cannot be recovered because the black sub-tree between the two failures does not have white neighbors. In
Third Algorithm (Process C):
The sub-tree T(W) is dyed black and T(1)\T(W) white, then study a subset of pattern 6 where the second failure creates a sub-tree T* within T(W) and the backup path from W must traverse T*. Such is the case in
If {circumflex over (b)}W≠null, node W already has a secondary backup port, which means pattern 6 is fully covered and thereafter algorithm 3 (Process C) stops. Otherwise, use node Y in (15) and denote the primary path from Y to W as w1→w2→ . . . →wH, where w1=Y and wH=W. Let h=2,
-
- 1) Assume link wh−wh−1 fails, dye T(wh−1) white because it can use the first exit link of T(W) to forward packets. Then T(wh)\T(wh−1) is scanned in breadth-first order and the neighbor(s) of each node are checked to find the first node U that links to a white node through link u. In this case, the white node certainly belong to T(wh−1). If such a node exists, the two-exit backup path is found: starting from node W, the backup path first goes to U, then takes link u to T(wh−1), from which it goes through xW1 and finally reaches node 1. If the scan ends with no hit, let h=h+1 and repeat this step.
- 2) Find the merge point of the primary paths from U and Y:Z=P(U)∩P(Y). Denote the path from U to Z as v1→v2 . . . →vK, where v1=U and vK=Z. Let v0=u.end and configure the first backup port of vk (k=1, . . . , K) as follows:
- bv
k =vk−1; - rv
k 1=L(vk)−L(Z); - εv
k =(k=1)?True:False; - Δv
k =L(vk−1)−L(vk);
- bv
- Then configure the secondary backup port of node Z:
- {circumflex over (b)}Z=vK−1;
- {circumflex over (r)}Z2=L(Z)−L(XW1)+rX
1 1 1; - {circumflex over (ε)}Z=(Z=U)?True:False;
- {circumflex over (Δ)}Z=L(vk−1)−L(Z);
- If Z W, stop. Otherwise, let h=h+1, if h≦H, go back to the previous step.
The third algorithm is demonstrated using T(4) in
§4.2.3 General Method
Subsequently, the method 500 may proceed to determine the first backup port(s) of the node(s) using the first algorithm (Process A) and update the routing tables according to the determined first backup port(s). (Blocks 520 and 525) Once, Process A has been completed, the method 500 may attempt to determine secondary backup port(s) of the node(s) using the 2nd algorithm (Process B). (Block 530) If the secondary backup port(s) was found using the 2nd algorithm (Process B), then, the routing tables is updated according to the determined secondary backup port(s), and the method 500 continues to 550. (Blocks 533 and 535) If, on the other hand, the secondary backup port(s) was found using the 2nd algorithm (Process B), then the method 500 will determine other secondary backup port(s) of the node(s) using the third algorithm (Process C) and update the routing tables according to the determined other secondary backup port(s). (Blocks 533, 540 and 545)
Subsequently, the method 500 may then move on to the next router in the routing path tree and repeat the above steps in determining backup ports. (Block 550) When the loop 510-550 has been run for each router of the routing path tree, the method 500 is left. (Node 555)
Referring to blocks 520, 530 and 540, examples of processes A, B, and C have been descried in detail above. By running processes A, B and C in an IP network, first and secondary backup ports may be determined for every node. Specifically, Process A determines first backup ports, Process B determines some or all secondary backup ports, and Process C determines any secondary backup ports which could not be determined using Process B. Therefore, all failure patterns that may occur in the network may be handled so that proper packet forwarding and the network reliability are maintained. The flow diagrams of Process A, B, and C are described below with reference to
In some embodiments consistent with the present invention, the method 600 might be run at one location and the results might be signaled to the appropriate nodes.
Referring back to decision block 702 of
Next, the method 700 checks whether the next selected node/router (if available) is the last on the partial first backup path. (Block 718) If the next selected node/router is not the last along the partial first backup path, then the method 700 may simply repeat the blocks in the loop 706-714. On the other hand, if the next selected node/router is the last along the first partial backup path, then the method may proceed to block 720 via node A.
Referring to node A of
Referring to node B of
In some embodiments consistent with the present invention, the method 700 might be run at one location and the results might be signaled to the appropriate nodes.
On the contrary, if it is determined that the router does not have a secondary backup port assigned, the method 800 may proceed to determine a secondary backup port for the router as shown in the following blocks. Specifically, the method 800 may define a partial primary path from the merge node (determined in Process B) to the root node of the sub-tree (black part). (Block 806) For each node/router along the partial primary path, the method 800 may assume the link to the node's parent node along the partial primary paths fails, defining a further sub-tree rooted by the parent node and excluding a sub-tree rooted by the node, and redefining the first part (white part) of the routing path tree to include the excluded sub-tree rooted by the node. (Block 810)
Next, the method 800 may determine, using a breadth-first search of the further sub-tree, a further first exit node and further first exit link from the further sub-tree to the redefined first part (white part) of the routing path tree.
Thereafter, the method 800 may check whether an exit node and exit link has been found. (Block 814) If an exit node and exit link has not been found, then the method 800 may proceed to the next router/node along the partial primary path; therefore, the method 800 needs to checks if there is another router/node available on the partial primary path. (Block 814 and 816) If an available router/node is available on the partial primary path, then the method 800 may repeat the blocks of the loop 808-814. (Block 816 and node D) If no router/node is available on the partial primary path, then the method 800 is left. (Block 816 and Node 818)
Referring back to decision block 814, if an exit node and exit link have been found, then the method 800 may proceed to the acts of blocks 820-830. Specifically, the method 800, may determine a double-exit backup path from the root of the sub-tree (black part) to the destination node, wherein the double-exit backup path includes 1) the determined further first exit node and further first exit link to the redefined first part (white-part), as well as 2) the first exit node of the sub-tree (black part). (Block 820) Next, the method 800 may determine a second merge node/point of the primary path from the further first exit node and the primary path from the first merge node (Block 822) and also, define a path from the further exit node to the second merge node (Block 824). Thereafter, the method 800 may determine ports of the routers on the path from the further first exit node to the second merge node (Block 826) wherein, the method 800 may assign the determined ports as the first backup ports excluding the second merge node (Block 828), and further assign the determined port of the second merge node as the secondary backup port (Block 830). The method 800 then proceeds, via node E, to the next router/node along the partial primary path. (Block 816) Therefore, the method 800 needs to checks if there is another router/node available on the partial primary path (Block 816), already described above.
In some embodiments consistent with the present invention, the method 800 might be run at one location and the results might be signaled to the appropriate nodes.
§4.3 Using Backup Ports for Failure Recovery
This section describes exemplary embodiments for performing failure recovery in a manner consistent with the present invention. When a failure occurs, only a subset of routers needs to switch to their backup ports. Therefore, a router may need to determine when to forward packets to its first backup port, when to forward packets to its secondary backup port, and when to use the primary port. The first, second and third algorithms may find feasible backup paths. The forwarding policy described in this section selects the correct ports to ensure such paths are actually taken. Embodiments consistent with the present invention identify the pattern of the current failure(s) and then decide which port to use. To do this, each packet pk is assigned to carry the following tags in its header:
-
- pk.f: pk.f=True indicates pk has encountered a failure.
- pk.s: pk.s=0 means pattern 1/2/3, pk.s=1,2, and 3 identify pattern 4,5 and 6, respectively.
- pk.c counts the number of exit link(s) pk has traversed.
- pk.l indicates the failure distance (refer Definition 2).
Since the recovery of patterns 1, 2 and 3 are identical; they are not distinguishable in pk.s. Some embodiments consistent with the present invention are optimized such that pk.s and pk.c need only 3 bits in total.
In normal operation (no failure), the method 900 always forwards a packet to the primary port wherein the packets finally reaches its destination. (See Blocks 905, 910 and 940.) When it encounters a failed primary port, for instance at node W (See
If the packet encounters a failed exit link, the method 900 may assume that a pattern 4 failure (See, e.g.,
If the packet encounters another failed primary port, the method 900 may assume that a pattern 5 failure (See, e.g.,
In case 1 (
In case 2 (
In case 3 (
Referring back to 920 of
After the failure pattern has been recognized, the packet may be forwarded using a forwarding policy. The flow diagrams of
-
- pk.f: Set to True when a failure is encountered, never set back to False.
- pk.s: Updated when pk is blocked by a failure.
- pk.c: pk.c+1→pk.c when pk spans an exit, also updated as shown in the flow diagram of
FIGS. 12A-12F . - pk.l: If pk spans the exit of a one-exit path or the second exit of a two-exit path, 0→pk.l, else if pk.l>0, pk.l+Δn→pk.l when through
- bn; pk.l+{circumflex over (Δ)}n→pk.l when through bn; and pk.l−1→pk.l when through pn.
According to the flow diagrams of
Referring back to block 1115, if on the other hand, the packet has not encountered a failure having a failure distance greater than zero, then the method 1100 may further proceed to examine if the packet has encountered a primary port failure. (Block 1120) If the packet has not encountered a primary port failure, then the method 1100 may forward the packet through the router's primary port (Block 1145) before the method is left (Node 1155) On the other hand, if the packet has encountered a primary port failure, then the method 1100 checks again if the packet has encountered another failure. (Blocks 1120 and 1125) If the packet has not encountered another failure, then the method 1100 may assume that a failure patter n1, 2, or 3 has occurred in the network. (Blocks 1125 and 1130) On the other hand, if the packet has encountered another failure, then the method 1100 may assume that a failure pattern 5 or 6 has occurred in the network. (Blocks 1125 and 1135)
Thereafter, the method 1100 may recognize that the packet has encountered a failure and its failure distance is zero, and the appropriate parameters in the packets header are set. (Block 1140) Subsequently, the method 1100 may determine the failure pattern that has occurred and select the appropriate output forwarding port before the method 1100 is left. (Blocks 1150 and 1155)
Referring to nodes 1 and 3 and
Referring to
Referring to
Referring to
Finally, referring to
§4.4 Illustrative Example of Operations of Exemplary Process
Continuing, Process B (2nd algorithm) is employed next wherein a secondary exit node may be determined resulting in a secondary backup path and the determination of secondary backup ports as well as first backup ports. In accordance with the acts of Process B, as illustrated in
Continuing, Process C (3rd algorithm) is employed next wherein a double-exit backup path is determined and the determination of further secondary backup ports as well as first backup ports is accomplished. In accordance with the acts of Process C, illustrated in
Continuing will finally result in the determination of first and secondary backup ports for all nodes within the network. The final result of the exemplary method applied to the network is illustrated in
§4.5 Alternatives and Refinements
The exemplary embodiments described above are practical and can be implemented with the following extensions in various embodiments. First, in at least some embodiments consistent with the present invention, the route calculation is extended such that a router first finds the primary tree for each destination and then searches for its first and secondary backup ports accordingly. Second, in at least some embodiments consistent with the present invention, the forwarding table is extended such that each entry also contains the backup ports and their attributes, which looks like Table II. This extension requires additional storage. Nonetheless, the table lookup time remains the same since the primary, first/secondary ports can be stored in parallel memory banks. Third, in at least some embodiments consistent with the present invention, the forwarding policy of each router is modified to reflect the primary and secondary backup ports. Finally, inserting the additional tags in IP headers is feasible. In IPv4 (See J. Postel, Internet Protocol, RFC 791 (Standard) (September 1981) Updated by RFC 1349.), bit0 of the Flag (currently unused) can be assigned to pk.f. The eight-bit Type of Service (TOS) can be used for pk:s, pk:c and pk:l under link failure(s). Since pk:s and pk:c need three bits, pk:l can use the rest five bits to reach a maximum level of 31, which is sufficient in today's ASs.
Some embodiments consistent with the present invention may be used to provide fast rerouting-aware logical topology design in optical networks.
§4.6 Exemplary Apparatus
In one embodiment, the machine 1400 may be one or more conventional personal computers, servers, or routers. In this case, the processing units 1410 may be one or more microprocessors. The bus 1440 may include a system bus. The storage devices 1420 may include system memory, such as read only memory (ROM) and/or random access memory (RAM). The storage devices 1420 may also include a hard disk drive for reading from and writing to a hard disk, a magnetic disk drive for reading from or writing to a (e.g., removable) magnetic disk, and an optical disk drive for reading from or writing to a removable (magneto-) optical disk such as a compact disk or other (magneto-) optical media.
A user may enter commands and information into the personal computer through input devices 1432, such as a keyboard and pointing device (e.g., a mouse) for example. Other input devices such as a microphone, a joystick, a game pad, a satellite dish, a scanner, or the like, may also (or alternatively) be included. These and other input devices are often connected to the processing unit(s) 1410 through an appropriate interface 1430 coupled to the system bus 1440. The output devices 1434 may include a monitor or other type of display device, which may also be connected to the system bus 1440 via an appropriate interface. In addition to (or instead of) the monitor, the personal computer may include other (peripheral) output devices (not shown), such as speakers and printers for example.
Thus, at least some features of the present invention may be implemented as computer-executable software (program instructions). Alternatively, or in addition, at least some features of the present invention may be implemented in hardware (e.g., as application specific integrated circuits (ASICS)).
§4.7 Conclusions
The exemplary processes guarantee 100% recovery from double-link failures. ESCAP-DL may be used for link-state routing (e.g., OSPF). The processes have low complexity and can be easily applied to practical networks to substantially shorten service disruption caused by failures. The recovery does not require advertising of failures throughout the network and can be done very quickly. Two backup ports in each router are sufficient to guarantee 100% coverage of double-link failures. This provides a lower bound of hardware complexity of the forwarding tables.
Claims
1. For use by a router in a survivable network portion, a computer-implemented method comprising:
- a) receiving a packet addressed to a destination node within the survivable network portion, wherein the packet includes an information indicating that the packet has encountered a failure; and
- b) selecting one of (A) a primary port, (B) a primary backup port and (C) a secondary backup port on which to forward the received packet, such that, in the event of a double link failure, a backup path with no dead loops is defined, wherein the act of selecting one of (A) a primary port, (B) a primary backup port and (C) a secondary backup port for local rerouting includes 1) identifying a pattern of the failure; and 2) selecting, using a forwarding policy associated with the identified pattern, one of (A) a primary port, (B) a primary backup port and (C) a secondary backup port to use for forwarding.
2. The computer-implemented method of claim 1 wherein the pattern of the failure indicates that a second link failure does not affect a backup path used by a sub-graph 3 defined by a first link failure.
3. The computer-implemented method of claim 1 wherein the pattern of the failure indicates that a second link failure is on an exit link of a backup path used by a sub-graph defined by the first link failure.
4. The computer-implemented method of claim 3 wherein the pattern of the failure indicates that first and second link failures create two sub-graphs separated from a graph which includes the destination node, and wherein the two sub-graphs are separated from each other.
5. The computer-implemented method of claim 1 wherein a first link failure defines a graph including the destination node and a disconnected sub-graph, and wherein the pattern of the failure indicates that a second link failure creates a further sub-graph within the defined sub-graph.
6. For use by a router in a survivable network portion, apparatus comprising:
- a) means for receiving a packet addressed to a destination node within the survivable network portion, wherein the packet includes an information indicating that the packet has encountered a failure; and
- b) means for selecting one of (A) a primary port, (B) a primary backup port and (C) a secondary backup port on which to forward the received packet, such that in the event of a double link failure, a backup path with no dead loops is defined, wherein the means for selecting one of (A) a primary port, (B) a primary backup port and (C) a secondary backup port for local rerouting include 1) means for identifying a pattern of the failure; and 2) means for selecting, using a forwarding policy associated with the identified pattern, one of (A) a primary port, (B) a primary backup port and (C) a secondary backup port to use for forwarding.
7. The apparatus of claim 6 wherein the pattern of the failure indicates that a second link failure does not affect a backup path used by a sub-graph defined by a first link failure.
8. The apparatus of claim 6 wherein the pattern of the failure indicates that a second link failure is on an exit link of a backup path used by a sub-graph defined by the first link failure.
9. The apparatus of claim 6 wherein the pattern of the failure indicates that first and second link failures create two sub-graphs separated from a graph which includes the destination node, and wherein the two sub-graphs are separated from each other.
10. The apparatus of claim 6 wherein a first link failure defines a graph including the destination node and a disconnected sub-graph, and wherein the pattern of the failure indicates that a second link failure creates a further sub-graph within the defined sub-graph.
20050088965 | April 28, 2005 | Atlas et al. |
20050135274 | June 23, 2005 | Molnar et al. |
20060274647 | December 7, 2006 | Wang et al. |
20070201355 | August 30, 2007 | Vasseur et al. |
20070253416 | November 1, 2007 | Raj |
20080130491 | June 5, 2008 | Chao et al. |
Type: Grant
Filed: Nov 2, 2007
Date of Patent: Sep 21, 2010
Patent Publication Number: 20080130489
Assignee: Polytechnic Institute of New York University (Brooklyn, NY)
Inventors: Hung-Hsiang Jonathan Chao (Holmdel, NJ), Kang Xi (Harrison, NJ)
Primary Examiner: Ayaz R Sheikh
Assistant Examiner: Hai-Chang Hsiung
Attorney: Straub & Pokotylo
Application Number: 11/934,213